Big bang theory of CVE-2012-4792

Jindrich Kubec Avast Software
Eric Romang

This presentation will detail a forensic & detective model that describes the early development of the watering hole campaign which was mostly active from December 2012 to January 2013, mainly targeting energy industries, governments, non-profit organizations and human rights websites. After the initial targeted attack, the vulnerability cooled sufficiently to allow integration in different confidential or public exploit kits.

We will also delve into the past and show that there is clearly a connection with previous (September 2012) watering hole attacks on industrial websites, and also with watering hole attacks through Twitter in May 2012. The earliest phases of the vulnerability, just like the Big Bang, are subject to much speculation. We will try to observe the most distant things that a security researcher can see. The timeline of the attacks, together with the disclosure, detection and publication dates, will be shown. In addition, the code structure and changes will be analysed, including the binary payloads, mostly remote access tools.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.